Description of problem: Need to be able to use packstack to set up Keystone with LDAP identity backend. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
The bugs are fixed upstream in master. For the puppet-keystone bug 1391373, the backport review to juno needs approval, and we need to get another openstack-puppet-modules build with this fix in it for RHOS6. For the packstack bug 1383793, do we need to backport that fix to juno?
This is fixed upstream - see https://bugzilla.redhat.com/show_bug.cgi?id=1082729 Can this bug be moved to POST?
Fix merged in packstack/master: - https://review.openstack.org/#/c/129989/ And this patch has been backported into Packstack/Juno: - https://review.openstack.org/#/c/159121/
from the code review in the reference bz, can you give a config snippet example of the following: Each component that uses apache must call "include packstack::apache_common". This ensures that a subsequent component manifest will not wipe out apache configuration created by a previous component manifest or the initial apache configuration created by prescript.pp. please indicate parameters/examples for testing past this entry in the answer file: [general] CONFIG_KEYSTONE_SERVICE_NAME=httpd Thanks.
(In reply to Mike Abrams from comment #8) > from the code review in the reference bz, can you give a config snippet > example of the following: > > Each component that uses apache > must call "include packstack::apache_common". This ensures that > a subsequent component manifest will not wipe out apache > configuration created by a previous component manifest or the initial > apache configuration created by prescript.pp. > > please indicate parameters/examples for testing past this entry in the > answer file: > > [general] > CONFIG_KEYSTONE_SERVICE_NAME=httpd > > Thanks. The comment was really meant as a note to future packstack coders who write packstack puppet modules. There really isn't anything you need to do when running packstack, no extra command line options or answer file directives. If you wanted to see the examples in the actual puppet code: https://github.com/stackforge/packstack/blob/master/packstack/puppet/templates/keystone.pp#L22 https://github.com/stackforge/packstack/blob/master/packstack/puppet/templates/horizon.pp#L1 https://github.com/stackforge/packstack/blob/master/packstack/puppet/templates/nagios_server.pp#L1
PASSED. --- added [general] CONFIG_KEYSTONE_SERVICE_NAME=httpd to packstack answer file. tested service with ps filtering for keystone (runs in httpd, not in keystone service) tested functionality using keystone sanity.
This was not properly verified. I think Rich's comment in comment#9 was misinterpreted as a description of how to verify this issue, when it was really just a response to the question in comment#9. To test this, you need to set the CONFIG_KEYSTONE_LDAP_* options in a packstack answer file to allow packstack to configure Keystone to use an LDAP server. The new settings are documented in comments if you have packstack generate an answerfile. The concepts map directly to keystone LDAP configuration settings, so they should make sense to one familiar with configuring keystone for LDAP in previous releases. Putting this back ON_QA so verification can be completed.
Still unstable upstream.
In read write setup, i don't get the problem. Can you confirm this?
right now: puppet-neutron and puppet-cinder don't support keystone v3, this has to be added to the modules for this bug to be fixed.
(In reply to Ivan Chavero from comment #19) > In read write setup, i don't get the problem. Can you confirm this? Read-write setup is working for you? That's good. We also need read-only LDAP to work.
(In reply to Ivan Chavero from comment #21) > right now: puppet-neutron and puppet-cinder don't support keystone v3, this > has to be added to the modules for this bug to be fixed. I don't think it is necessary for all modules to support keystone v3 in order to support Keystone LDAP.
Clearing stale NEEDINFO flags.
Packstack support v3 since a while back so this can be closed now.